hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python/ServerSideRequestForgeryQuery

Browse Source 
python/ql/src/Security/CWE-918/PartialServerSideRequestForgery.ql
This commit is contained in:
Nora Dimitrijević
2025-10-14 14:02:17 +02:00
parent baccdcc07f
commit 37fff48dcd
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll
View File

@@ -68,7 +68,8 @@ private module PartialServerSideRequestForgeryConfig implements DataFlow::Config
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSinkLocation(DataFlow::Node sink) {
// Note: this query does not select the sink itself
result = sink.(Sink).getLocation()
or
result = sink.(Sink).getRequest().getLocation()
}
}